Merge pull request #3287 from eclipse/jetty-9.4.x-3049-sslcontextfactory_warnings

Issue #3049 - Warn on common SslContextFactory problematic configurations
Simone Bordet 2019-02-04 22:56:32 +01:00 committed by GitHub
commit d22ec03acc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 154 additions and 154 deletions


@ -18,8 +18,6 @@
package org.eclipse.jetty.http2.client.http;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
@ -46,9 +44,10 @@ import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class DirectHTTP2OverTLSTest
{
private Server server;
@ -82,7 +81,9 @@ public class DirectHTTP2OverTLSTest
clientThreads.setName("client");
HttpClientTransportOverHTTP2 transport = new HttpClientTransportOverHTTP2(new HTTP2Client());
transport.setUseALPN(false);
client = new HttpClient(transport, newSslContextFactory());
SslContextFactory sslContextFactory = newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
client = new HttpClient(transport, sslContextFactory);
client.setExecutor(clientThreads);
client.start();
}
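Review bot: The added `sslContextFactory.setEndpointIdentificationAlgorithm(null);` turns off hostname verification for this client with no comment saying why, so it reads like an ordinary client setup rather than a test workaround. Presumably the test keystore's certificate does not name the host the tests connect to; if so, say it on the line above, e.g. `// Test only: the test keystore certificate does not match the test host, so hostname verification is disabled here.` The same uncommented call is added in SslConnectionTest, the three TestJettyOSGiBootHTTP2* tests, ForwardProxyServerTest, ForwardProxyTLSServerTest, SimpleServletServer, HttpChannelAssociationTest, HttpClientTimeoutTest, TransportScenario and HttpInputIntegrationTest. The enclosing method starts outside the hunk.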


@ -18,11 +18,6 @@
package org.eclipse.jetty.io;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
@ -52,11 +47,14 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.Scheduler;
import org.eclipse.jetty.util.thread.TimerScheduler;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class SslConnectionTest
{
private static final int TIMEOUT = 1000000;
@ -145,6 +143,7 @@ public class SslConnectionTest
_sslCtxFactory.setKeyManagerPassword("keypwd");
_sslCtxFactory.setRenegotiationAllowed(true);
_sslCtxFactory.setRenegotiationLimit(-1);
_sslCtxFactory.setEndpointIdentificationAlgorithm(null);
startManager();
}


@ -18,13 +18,6 @@
package org.eclipse.jetty.osgi.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
@ -53,23 +46,26 @@ import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
/**
* HTTP2 setup.
*/
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class TestJettyOSGiBootHTTP2
{
private static final String LOG_LEVEL = "WARN";
@Inject
private BundleContext bundleContext;
@Configuration
public Option[] config()
{
ArrayList<Option> options = new ArrayList<Option>();
ArrayList<Option> options = new ArrayList<>();
options.add(CoreOptions.junitBundles());
options.addAll(TestOSGiUtil.configureJettyHomeAndPort(true,"jetty-http2.xml"));
options.add(CoreOptions.bootDelegationPackages("org.xml.sax", "org.xml.*", "org.w3c.*", "javax.xml.*", "javax.activation.*"));
@ -90,12 +86,12 @@ public class TestJettyOSGiBootHTTP2
options.add(systemProperty("org.ops4j.pax.logging.DefaultServiceLog.level").value(LOG_LEVEL));
options.add(systemProperty("org.eclipse.jetty.LEVEL").value("DEBUG"));
options.add(CoreOptions.cleanCaches(true));
return options.toArray(new Option[options.size()]);
return options.toArray(new Option[0]);
}
public static List<Option> http2JettyDependencies()
{
List<Option> res = new ArrayList<Option>();
List<Option> res = new ArrayList<>();
res.add(CoreOptions.systemProperty("jetty.alpn.protocols").value("h2,http/1.1"));
String alpnBoot = System.getProperty("mortbay-alpn-boot");
@ -115,7 +111,6 @@ public class TestJettyOSGiBootHTTP2
res.add(mavenBundle().groupId("org.eclipse.jetty.http2").artifactId("http2-server").versionAsInProject().start());
return res;
}
public void checkALPNBootOnBootstrapClasspath() throws Exception
{
@ -123,9 +118,8 @@ public class TestJettyOSGiBootHTTP2
assertNotNull(alpn);
assertNull(alpn.getClassLoader());
}
public void assertAllBundlesActiveOrResolved() throws Exception
public void assertAllBundlesActiveOrResolved()
{
TestOSGiUtil.debugBundles(bundleContext);
TestOSGiUtil.assertAllBundlesActiveOrResolved(bundleContext);
@ -137,19 +131,15 @@ public class TestJettyOSGiBootHTTP2
assertNotNull(server);
}
@Test
public void testHTTP2() throws Exception
{
if (Boolean.getBoolean(TestOSGiUtil.BUNDLE_DEBUG))
{
checkALPNBootOnBootstrapClasspath();
assertAllBundlesActiveOrResolved();
}
HttpClient httpClient = null;
HTTP2Client http2Client = null;
try
@ -157,10 +147,9 @@ public class TestJettyOSGiBootHTTP2
//get the port chosen for https
String tmp = System.getProperty("boot.https.port");
assertNotNull(tmp);
int port = Integer.valueOf(tmp.trim()).intValue();
int port = Integer.valueOf(tmp.trim());
Path path = Paths.get("src", "test", "config");
File base = path.toFile();
File keys = path.resolve("etc").resolve("keystore").toFile();
//set up client to do http2
@ -170,6 +159,7 @@ public class TestJettyOSGiBootHTTP2
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
Executor executor = new QueuedThreadPool();
httpClient.setExecutor(executor);
@ -186,5 +176,4 @@ public class TestJettyOSGiBootHTTP2
if (http2Client != null) http2Client.stop();
}
}
}


@ -18,13 +18,6 @@
package org.eclipse.jetty.osgi.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
import static org.ops4j.pax.exam.CoreOptions.wrappedBundle;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
@ -52,16 +45,19 @@ import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
/**
* HTTP2 setup.
*/
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
import static org.ops4j.pax.exam.CoreOptions.wrappedBundle;
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class TestJettyOSGiBootHTTP2Conscrypt
{
private static final String LOG_LEVEL = "WARN";
@Inject
private BundleContext bundleContext;
@ -90,7 +86,7 @@ public class TestJettyOSGiBootHTTP2Conscrypt
options.add(systemProperty("org.ops4j.pax.logging.DefaultServiceLog.level").value(LOG_LEVEL));
options.add(systemProperty("org.eclipse.jetty.LEVEL").value(LOG_LEVEL));
options.add(CoreOptions.cleanCaches(true));
return options.toArray(new Option[options.size()]);
return options.toArray(new Option[0]);
}
public static List<Option> http2JettyDependencies()
@ -114,10 +110,8 @@ public class TestJettyOSGiBootHTTP2Conscrypt
res.add(mavenBundle().groupId("org.eclipse.jetty.http2").artifactId("http2-server").versionAsInProject().start());
return res;
}
public void assertAllBundlesActiveOrResolved() throws Exception
public void assertAllBundlesActiveOrResolved()
{
TestOSGiUtil.debugBundles(bundleContext);
Bundle conscrypt = TestOSGiUtil.getBundle(bundleContext, "org.eclipse.jetty.alpn.conscrypt.server");
@ -128,7 +122,6 @@ public class TestJettyOSGiBootHTTP2Conscrypt
assertTrue(services.length > 0);
}
@Test
public void testHTTP2() throws Exception
{
@ -151,6 +144,7 @@ public class TestJettyOSGiBootHTTP2Conscrypt
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
Executor executor = new QueuedThreadPool();
httpClient.setExecutor(executor);
@ -164,8 +158,7 @@ public class TestJettyOSGiBootHTTP2Conscrypt
}
finally
{
if (client != null) client.stop();
client.stop();
}
}
}


@ -18,12 +18,6 @@
package org.eclipse.jetty.osgi.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
@ -51,16 +45,18 @@ import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
/**
* Test HTTP2 using java9 alpn.
*/
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
import static org.ops4j.pax.exam.CoreOptions.systemProperty;
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class TestJettyOSGiBootHTTP2JDK9
{
private static final String LOG_LEVEL = "WARN";
@Inject
private BundleContext bundleContext;
@ -88,7 +84,7 @@ public class TestJettyOSGiBootHTTP2JDK9
options.add(systemProperty("org.ops4j.pax.logging.DefaultServiceLog.level").value(LOG_LEVEL));
options.add(systemProperty("org.eclipse.jetty.LEVEL").value(LOG_LEVEL));
options.add(CoreOptions.cleanCaches(true));
return options.toArray(new Option[options.size()]);
return options.toArray(new Option[0]);
}
public static List<Option> http2JettyDependencies()
@ -105,9 +101,8 @@ public class TestJettyOSGiBootHTTP2JDK9
res.add(mavenBundle().groupId("org.eclipse.jetty.http2").artifactId("http2-server").versionAsInProject().start());
return res;
}
public void assertAllBundlesActiveOrResolved() throws Exception
public void assertAllBundlesActiveOrResolved()
{
TestOSGiUtil.debugBundles(bundleContext);
TestOSGiUtil.assertAllBundlesActiveOrResolved(bundleContext);
@ -119,8 +114,6 @@ public class TestJettyOSGiBootHTTP2JDK9
assertNotNull(server);
}
@Test
public void testHTTP2() throws Exception
{
@ -145,6 +138,7 @@ public class TestJettyOSGiBootHTTP2JDK9
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
Executor executor = new QueuedThreadPool();
httpClient.setExecutor(executor);


@ -18,10 +18,6 @@
package org.eclipse.jetty.proxy;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.stream.Stream;
@ -52,6 +48,10 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
public class ForwardProxyServerTest
{
@SuppressWarnings("Duplicates")
@ -68,9 +68,7 @@ public class ForwardProxyServerTest
scenario2.setKeyManagerPassword("keypwd");
// TODO: add more SslContextFactory configurations/scenarios?
return Stream.of(
scenario1, scenario2
).map(Arguments::of);
return Stream.of(scenario1, scenario2).map(Arguments::of);
}
private SslContextFactory serverSslContextFactory;
@ -209,6 +207,7 @@ public class ForwardProxyServerTest
clientSsl.setKeyStorePath(keyStorePath);
clientSsl.setKeyStorePassword("storepwd");
clientSsl.setKeyManagerPassword("keypwd");
clientSsl.setEndpointIdentificationAlgorithm(null);
HttpClient httpClient = new HttpClient(clientSsl);
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());


@ -18,12 +18,6 @@
package org.eclipse.jetty.proxy;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.io.IOException;
import java.net.ConnectException;
import java.net.Socket;
@ -72,6 +66,12 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
public class ForwardProxyTLSServerTest
{
@SuppressWarnings("Duplicates")
@ -88,9 +88,7 @@ public class ForwardProxyTLSServerTest
scenario2.setKeyManagerPassword("keypwd");
// TODO: add more SslContextFactory configurations/scenarios?
return Stream.of(
scenario1, scenario2
).map(Arguments::of);
return Stream.of(scenario1, scenario2).map(Arguments::of);
}
private SslContextFactory proxySslContextFactory;
@ -109,7 +107,7 @@ public class ForwardProxyTLSServerTest
QueuedThreadPool serverThreads = new QueuedThreadPool();
serverThreads.setName("server");
server = new Server(serverThreads);
serverConnector = new ServerConnector(server, newSslContextFactory());
serverConnector = new ServerConnector(server, newServerSslContextFactory());
server.addConnector(serverConnector);
server.setHandler(handler);
server.start();
@ -139,7 +137,7 @@ public class ForwardProxyTLSServerTest
return new HttpProxy(new Origin.Address("localhost", proxyConnector.getLocalPort()), proxySslContextFactory != null);
}
private static SslContextFactory newSslContextFactory()
private static SslContextFactory newServerSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
@ -147,6 +145,14 @@ public class ForwardProxyTLSServerTest
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
return sslContextFactory;
}
private static SslContextFactory newClientSslContextFactory()
{
SslContextFactory sslContextFactory = newServerSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
@AfterEach
@ -182,7 +188,7 @@ public class ForwardProxyTLSServerTest
startTLSServer(new ServerHandler());
startProxy();
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
httpClient.start();
@ -218,7 +224,7 @@ public class ForwardProxyTLSServerTest
startTLSServer(new ServerHandler());
startProxy();
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
httpClient.start();
@ -265,7 +271,7 @@ public class ForwardProxyTLSServerTest
startTLSServer(new ServerHandler());
startProxy();
final HttpClient httpClient = new HttpClient(newSslContextFactory());
final HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
httpClient.start();
@ -351,7 +357,7 @@ public class ForwardProxyTLSServerTest
}
});
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
// Short idle timeout for HttpClient.
httpClient.setIdleTimeout(idleTimeout);
@ -390,7 +396,7 @@ public class ForwardProxyTLSServerTest
int proxyPort = proxyConnector.getLocalPort();
stopProxy();
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(new HttpProxy(new Origin.Address("localhost", proxyPort), proxySslContextFactory != null));
httpClient.start();
@ -418,7 +424,7 @@ public class ForwardProxyTLSServerTest
stopServer();
startProxy();
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
httpClient.start();
@ -450,7 +456,7 @@ public class ForwardProxyTLSServerTest
}
});
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
httpClient.start();
@ -574,7 +580,7 @@ public class ForwardProxyTLSServerTest
startTLSServer(new ServerHandler());
startProxy(connectHandler);
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
HttpProxy httpProxy = newHttpProxy();
if (includeAddress)
httpProxy.getIncludedAddresses().add("localhost:" + serverConnector.getLocalPort());
@ -626,7 +632,7 @@ public class ForwardProxyTLSServerTest
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.start();
HttpClient httpClient = new HttpClient(newSslContextFactory());
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(new HttpProxy(proxyHost, proxyPort));
httpClient.start();


@ -21,7 +21,7 @@
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password"/></Set>
<Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set>
<Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
<Set name="EndpointIdentificationAlgorithm"><Property name="jetty.sslContext.endpointIdentificationAlgorithm"/></Set>
<Set name="EndpointIdentificationAlgorithm"><Property name="jetty.sslContext.endpointIdentificationAlgorithm" default="HTTPS"/></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
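Review bot: The `default="HTTPS"` added to `EndpointIdentificationAlgorithm` appears to land in a server-side SSL context configuration (it sits next to `NeedClientAuth` and `WantClientAuth`), where hostname verification does not play the role it does on a client. On a server it would presumably only take effect when client certificates are requested, and would then be applied to the client's certificate, which may reject otherwise valid clients; this is worth confirming with a client-auth test before release. The same concern applies to the new field default in the SslContextFactory hunk, since the tests on this page pass the same class to both `HttpClient` and `ServerConnector`. At minimum add a comment above the element, e.g. `<!-- Peer hostname verification, default HTTPS; review this value before enabling needClientAuth/wantClientAuth. -->`, and document which property value disables the check.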


@ -188,7 +188,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
private int _sslSessionCacheSize = -1;
private int _sslSessionTimeout = -1;
private SSLContext _setContext;
private String _endpointIdentificationAlgorithm = null;
private String _endpointIdentificationAlgorithm = "HTTPS";
private boolean _trustAll;
private boolean _renegotiationAllowed = true;
private int _renegotiationLimit = 5;
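Review bot: The `_endpointIdentificationAlgorithm` field changes from `null` to `"HTTPS"` without any comment, although this flips a security-relevant default for every existing user of the class. A short comment on the field would record the intent, e.g. `// Default "HTTPS" so that clients verify the server host name against its certificate; null disables the check.` The Javadoc of `setEndpointIdentificationAlgorithm` is outside this hunk; it should state the new default and that passing `null` disables hostname verification, so callers do not copy the `null` calls from the tests without knowing what they give up.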


@ -18,11 +18,6 @@
package org.eclipse.jetty.websocket.server;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
@ -45,6 +40,11 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
public class PerMessageDeflateExtensionTest
{
public static Stream<Arguments> modes()


@ -95,6 +95,7 @@ public class SimpleServletServer
sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA","SSL_DHE_RSA_WITH_DES_CBC_SHA","SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5","SSL_RSA_EXPORT_WITH_DES40_CBC_SHA","SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
// SSL HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration(http_config);


@ -18,8 +18,6 @@
package org.eclipse.jetty.http.client;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@ -45,10 +43,13 @@ import org.eclipse.jetty.http2.client.http.HttpConnectionOverHTTP2;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.unixsocket.client.HttpClientTransportOverUnixSockets;
import org.eclipse.jetty.util.Promise;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ArgumentsSource;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
{
@Override
@ -89,13 +90,15 @@ public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
scenario.startServer(new EmptyServerHandler());
long idleTimeout = 1000;
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange ->
{
// We idle timeout just before the association,
// we must be able to send the request successfully.
sleep(2 * idleTimeout);
return true;
}), scenario.sslContextFactory);
}), sslContextFactory);
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
scenario.client.setExecutor(clientThreads);


@ -18,16 +18,6 @@
package org.eclipse.jetty.http.client;
import static org.eclipse.jetty.http.client.Transport.UNIX_SOCKET;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InterruptedIOException;
@ -64,10 +54,21 @@ import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.FuturePromise;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ArgumentsSource;
import static org.eclipse.jetty.http.client.Transport.UNIX_SOCKET;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
{
@Override
@ -84,7 +85,8 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
long timeout = 1000;
scenario.start(new TimeoutHandler(2 * timeout));
assertThrows(TimeoutException.class, ()-> {
assertThrows(TimeoutException.class, () ->
{
scenario.client.newRequest(scenario.newURI())
.timeout(timeout, TimeUnit.MILLISECONDS)
.send();
@ -249,7 +251,9 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
scenario.startServer(new TimeoutHandler(2 * timeout));
AtomicBoolean sslIdle = new AtomicBoolean();
scenario.client = new HttpClient(scenario.provideClientTransport(), scenario.sslContextFactory)
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
scenario.client = new HttpClient(scenario.provideClientTransport(), sslContextFactory)
{
@Override
public ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
@ -275,7 +279,8 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
scenario.client.setIdleTimeout(timeout);
scenario.client.start();
assertThrows(TimeoutException.class, ()->{
assertThrows(TimeoutException.class, () ->
{
scenario.client.newRequest(scenario.newURI())
.send();
});
@ -427,14 +432,17 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
long timeout = 1000;
String uri = "badscheme://0.0.0.1";
if(scenario.getNetworkConnectorLocalPort().isPresent())
if (scenario.getNetworkConnectorLocalPort().isPresent())
uri += ":" + scenario.getNetworkConnectorLocalPort().get();
Request request = scenario.client.newRequest(uri);
// TODO: assert a more specific Throwable
assertThrows(Exception.class, ()-> {
assertThrows(Exception.class, () ->
{
request.timeout(timeout, TimeUnit.MILLISECONDS)
.send(result -> {});
.send(result ->
{
});
});
Thread.sleep(2 * timeout);


@ -298,6 +298,8 @@ public class TransportScenario
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
clientThreads.setDetailedDump(true);
SslContextFactory sslContextFactory = newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
client = newHttpClient(provideClientTransport(transport), sslContextFactory);
client.setExecutor(clientThreads);
client.setSocketAddressResolver(new SocketAddressResolver.Sync());
@ -322,13 +324,7 @@ public class TransportScenario
public void startServer(Handler handler) throws Exception
{
sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
sslContextFactory.setTrustStorePassword("storepwd");
sslContextFactory.setUseCipherSuitesOrder(true);
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
sslContextFactory = newSslContextFactory();
QueuedThreadPool serverThreads = new QueuedThreadPool();
serverThreads.setName("server");
serverThreads.setDetailedDump(true);
@ -356,6 +352,18 @@ public class TransportScenario
}
}
protected SslContextFactory newSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
sslContextFactory.setTrustStorePassword("storepwd");
sslContextFactory.setUseCipherSuitesOrder(true);
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
return sslContextFactory;
}
public void stopClient() throws Exception
{
if (client != null)
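Review bot: The new `newSslContextFactory()` helper serves both roles, so every client call site has to remember to follow it with `setEndpointIdentificationAlgorithm(null)`: here in the client start-up hunk, and again in HttpChannelAssociationTest and HttpClientTimeoutTest. ForwardProxyTLSServerTest in this same commit already solves this with a dedicated `newClientSslContextFactory()`; doing the same here keeps the relaxation in one commented place and makes it harder for a test to pick up a client factory with verification silently on or off. A client that forgets the call would use the new "HTTPS" default and presumably fail the handshake against the test keystore. The surrounding methods start and end outside the hunks shown.

```java
// … unchanged: newSslContextFactory() as added by this commit …

protected SslContextFactory newClientSslContextFactory()
{
    SslContextFactory sslContextFactory = newSslContextFactory();
    // Test only: the test certificate is not expected to match the test host,
    // so hostname verification is disabled for clients created by the scenario.
    sslContextFactory.setEndpointIdentificationAlgorithm(null);
    return sslContextFactory;
}
```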


@ -18,6 +18,29 @@
package org.eclipse.jetty.test;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Inet4Address;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import javax.net.ssl.SSLSocket;
import javax.servlet.AsyncContext;
import javax.servlet.ReadListener;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.server.Connector;
@ -36,9 +59,7 @@ import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.JavaVersion;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.condition.DisabledOnJre;
@ -47,32 +68,9 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import javax.net.ssl.SSLSocket;
import javax.servlet.AsyncContext;
import javax.servlet.ReadListener;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Inet4Address;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
public class HttpInputIntegrationTest
{
@ -107,6 +105,7 @@ public class HttpInputIntegrationTest
__sslContextFactory.setKeyStorePath(jetty_distro + "/../../../jetty-server/src/test/config/etc/keystore");
__sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
__sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
__sslContextFactory.setEndpointIdentificationAlgorithm(null);
// HTTPS Configuration
__sslConfig = new HttpConfiguration(__config);